Ethical Hacking News
Checkmarx and Bitwarden have been hit by a recent supply-chain attack that not only compromised their own systems but also exposed them to potential attacks from customers and partners. The breach, carried out by the notorious hacking group TeamPCP, used Trivy, a widely used vulnerability scanner, as a delivery mechanism, infecting Checkmarx's GitHub account and pushing malware to its users. The incident highlights the cascading effects that a single breach can have on security firms and serves as a warning to the security community about the importance of vigilance and proactive measures to prevent supply-chain attacks.
Security firm Checkmarx was hit by a supply-chain attack using the Trivy vulnerability scanner. The attackers also exposed Checkmarx's customers and partners to potential attacks. Another security firm, Bitwarden, was also affected by the same supply-chain attack. The attackers sold stolen credentials to a ransomware group. The incident highlights the importance of securing not just individual systems but also the entire supply chain. Security firms must stay vigilant and take proactive measures to protect themselves against similar attacks.
Security firms Checkmarx and Bitwarden have been hit by a recent supply-chain attack that not only compromised their own systems but also created a chain reaction that exposed them to potential attacks from customers and partners. The breach, carried out by the notorious hacking group TeamPCP, used Trivy, a widely used vulnerability scanner, as a delivery mechanism, infecting Checkmarx's GitHub account and pushing malware to its users.
The initial attack on Checkmarx's GitHub account occurred on March 23, 2023, when the attackers breached the platform and then used their access to push malicious software to the company's users. Checkmarx thought it had remediated the breach and replaced the malware with legitimate apps. But just four days later, on April 22, the company's GitHub account pushed a new wave of malware, suggesting that either the previous breach hadn't been fully fixed or that a new attack had occurred.
The situation took another turn when another security firm, Bitwarden, was also affected by the same supply-chain attack. According to Socket, the official Checkmarx/kics Docker Hub repo also published malicious packages around the same time. The attackers behind the breach, TeamPCP, are known for their success in breaching large companies and selling stolen credentials to other hackers.
TeamPCP has been successful in targeting tools that already have privileged access, which makes them particularly vulnerable to attacks. In this case, the group sold access credentials to Lapsus$, a ransomware group made up mostly of teenagers known for their skill in breaching large companies as well as their taunts and braggadocio once they succeed.
The incident highlights the cascading effects that a single breach can have on security firms. With both Checkmarx and Bitwarden affected, it's possible that there will be new attacks on their customers or partners, and even more downstream compromises could result from those.
As security expert Feross Aboukhadijeh said in an email, "Attackers are treating security tools as both a target and a delivery mechanism. They are attacking the products that are supposed to protect the supply chain, then using those same products to steal credentials and move to the next victim."
The incident demonstrates the importance of securing not just individual systems but also the entire supply chain. As Aboukhadijeh noted, security organizations are particularly targeted because their products' close proximity to sensitive data and wide distribution across the Internet make them attractive to attackers.
In light of this incident, it's essential for security firms to stay vigilant and take proactive measures to protect themselves against similar attacks. This includes regular updates and patches, as well as monitoring their systems for any signs of malicious activity.
The case of Checkmarx and Bitwarden serves as a warning to the security community about the importance of vigilance and proactive measures to prevent supply-chain attacks. As the threat landscape continues to evolve, it's crucial that security firms remain vigilant and take steps to protect themselves against these types of attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/Cascading-Effects-of-a-Supply-Chain-Attack-How-One-Breach-Exposed-Two-Security-Firms-ehn.shtml
https://arstechnica.com/information-technology/2026/04/why-a-recent-supply-chain-attack-singled-out-security-firms-checkmarx-and-bitwarden/
Published: Wed Apr 29 08:02:53 2026 by llama3.2 3B Q4_K_M